There is some rather arcane code to help when an IRET returns to 16-bit segments. It is referred to as the "espfix" code. This consists of a few per-CPU variables:

espfix_stack: tells us where the stack is allocated (the bottom)

espfix_waddr: tells us to where %rsp may be pointed (the top)

These are in addition to the stack itself. All three things must be mapped for the espfix code to function.

Note: the espfix code runs with a kernel GSBASE, but user (shadow) page tables. A switch to the kernel page tables could be performed instead of mapping these structures, but mapping them is simpler and less likely to break the assembly. To switch over to the kernel copy, additional temporary storage would be required which is in short supply in this context.